Duplicate Entry error when enabling AD account

I开发者_如何学Python am trying to add users to Active Directory programmatically and I keep running into an error - no matter what user I create as soon as I enable the account a "Duplicate Entry " error is thrown. This is the code that I am using:

DirectoryEntry NewUser = AD.Children.Add("CN=" + username, "User");
NewUser.CommitChanges();

//Add user information
NewUser.Invoke("SetPassword", password);
NewUser.Properties["givenName"].Value = FirstName;
NewUser.Properties["sn"].Value = LastName;
NewUser.Properties["mail"].Value = email;
NewUser.Properties["userPrincipalName"].Value = username + @"domainname";
NewUser.Properties["userAccountControl"].Add(0x200);//enable account
NewUser.CommitChanges();

When I comment out the line that changes the userAccountControl, everything works fine. I even tried to create a new entry and modify it that way using this code:

DirectoryEntry editUser = getUserEntry(username);
editUser.Properties["userAccountControl"].Add(0x200);//enable account
editUser.CommitChanges();

but that still throws the same error. getUserEntry just grabs the directory entry from AD given the username. Can anyone see a reason why a duplicate entry error would occur in this case?

Can you try to replace by :

DirectoryEntry editUser = getUserEntry(username);
editUser.Properties["userAccountControl"][0] = (0x200);//enable account 
editUser.CommitChanges(); 

You probably know that some attributes can be multi-valued, userAccountControl can't, but in your code that's what you try to do, I mean to multi-value it. In my code I just assign a new value (it's going to play a replace on the pure LDAP point of vue).